Starting the Approval Server Docker container by retrieving parameters from Vault
Learn how to start the Approval Server Docker container by specifying CONFIGURE_MODE=Vault.
Mandatory environment variables
These are the mandatory parameters that you need to specify to configure the container to retrieve more parameters from Vault. You can pass these parameters only as container environment variables.
Environment variable name | Description |
---|---|
TENANT | The name of the group that contains your set of environments. For example, MyCompany. |
ENVIRONMENT | The name of the environment. For example, Non-production. |
ENVTYPE | The environment type. Accepted values are auth and live. |
VAULT_TOKEN | The Vault token to use to connect to Vault and request certification from Vault PKI. |
VAULT_URL | The Vault URL to use to connect to Vault and request certification from Vault PKI. |
Mandatory Vault key values
These are the mandatory Vault key values that you must specify within Vault to configure the Approval Server Docker container to use the Vault configuration mode.
Key name | Value |
---|---|
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/toolingOrigin or ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/toolingBaseUrl | The Auth Tooling web URL. The sample format is: Note: |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/toolingOrigin or ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/toolingBaseUrl | The live Tooling web URL. The sample format is: Note: Optional for a SoFy environment Helm Chart. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/spiUserPwd | The encrypted password for the spiuser. For more information, see Setting the spiuser password in your Docker images. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/sessionKeyEncrypt | The encrypted session key. Note: This parameter was optional in all releases prior to HCL Commerce 9.1.12.0. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/authJWKS | The JSON Web Key Set (JWKS) containing the JSON Web Key (JWK) used to validate the JSON Web Token (JWT) that is issued by the Transaction server. The Approval server only requires the public key related information from the JWT. In the event that the private key information is also included in the JWKS, the Approval server will remove the private key information and only configure the public key for use with the application. |
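The authJWKS row above says the Approval server discards any private key information in the JWKS. The following is an added example, not HCL Commerce code: a Python sketch that strips private members from a JWKS before you write it to the authJWKS key, so the private key is never stored at a path the Approval server reads. The private member names are those defined in RFC 7518 and RFC 8037; the function names and the sample key are constructed for illustration.

```python
import json

# Private JWK members by key type (RFC 7518 section 6, RFC 8037).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
}


def public_only_jwks(jwks_json: str) -> str:
    """Return the JWKS with private members removed; reject keys with no public form."""
    keys = json.loads(jwks_json).get("keys")
    if not isinstance(keys, list) or not keys:
        raise ValueError("JWKS must contain a non-empty 'keys' array")
    public_keys = []
    for jwk in keys:
        kty = jwk.get("kty")
        if kty == "oct":
            raise ValueError("symmetric key (kty=oct) has no public part")
        if kty not in PRIVATE_MEMBERS:
            raise ValueError(f"unsupported key type: {kty!r}")
        public_keys.append(
            {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS[kty]}
        )
    return json.dumps({"keys": public_keys}, sort_keys=True)


def has_private_material(jwks_json: str) -> bool:
    """True if any key is symmetric or still carries a private member."""
    for jwk in json.loads(jwks_json).get("keys", []):
        kty = jwk.get("kty")
        if kty == "oct" or PRIVATE_MEMBERS.get(kty, set()) & set(jwk):
            return True
    return False


# Constructed sample: placeholder values, not a real key.
SAMPLE_JWKS = json.dumps({"keys": [{
    "kty": "RSA", "kid": "demoKey", "use": "sig", "alg": "RS256",
    "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB",
    "d": "c2FtcGxlLXByaXZhdGU", "p": "cA", "q": "cQ",
}]})

if __name__ == "__main__":
    print(public_only_jwks(SAMPLE_JWKS))
    print("private material left:", has_private_material(public_only_jwks(SAMPLE_JWKS)))
```

Running `has_private_material` against the value already stored in Vault is a quick audit for a private key that was uploaded by mistake.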
Optional Vault key values
These are the optional Vault key values that you can specify within Vault to configure the Approval Server Docker container when used with the Vault configuration mode.
Key name | Value |
---|---|
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/domainName | The internal service domain name. The default value is default.svc.cluster.local. If the deployed environment is on a special namespace on Kubernetes, then the domain name should be .svc.cluster.local. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/externalDomainName | The external domain name specifies the Store server web external domain name, which can be recognized by your browser. For example, in the hostname store.demo4qaauth.hcl.com, hcl.com is the external domain name. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/txToolingHost | The Auth Tooling web hostname. The default value is ${TENANT}${ENVIRONMENT}authts-web.$DOMAIN_NAME. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/txToolingPort | The Auth Tooling web port. The default value is 8000. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/txToolingHost | The Live Tooling web hostname. The default value is ${TENANT}${ENVIRONMENT}livets-web.$DOMAIN_NAME. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/txToolingPort | The Live Tooling web port. The default value is 8000. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/reactStoreHost | The Auth Store server web hostname. The default value is www.${TENANT}${ENVIRONMENT}auth${EXTERNAL_DOMAIN_NAME}. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/reactStorePort | The Auth Store server web port. The default value is 443. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/reactStoreHost | The Live Store server web hostname. The default value is www.${TENANT}${ENVIRONMENT}live${EXTERNAL_DOMAIN_NAME}. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/reactStorePort | The Live Store server web port. The default value is 443. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/spiUserName | The SPIUSER name. The default value is spiuser. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/extraAllowedOrigins/approval | Extra allowed origins for the Approval server. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/adminUser | The Spring security user name. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/adminPassword | The Spring security user password. |
${VAULT_URL}/${TENANT}/${ENVIRONMENT}/traceSpecification/approval-app | The log level used for troubleshooting purposes. Available log levels are: Note: |